From c29dd4d57d0222bbab49f0e587c07cc36588033f Mon Sep 17 00:00:00 2001 From: Adrian Aneci Date: Mon, 30 Oct 2023 10:50:49 +0200 Subject: [PATCH 1/4] Add PDB and PodMonitor and fix some bugs --- charts/cluster-registry-client/Chart.yaml | 2 +- charts/cluster-registry-client/README.md | 9 ++- .../templates/_helpers.tpl | 17 +----- .../{cluster-role.yaml => clusterrole.yaml} | 0 ...lebinding.yaml => clusterrolebinding.yaml} | 2 +- .../templates/configmap.yaml | 1 + .../templates/deployment.yaml | 4 +- .../templates/poddisruptionbudget.yaml | 18 ++++++ .../templates/podmonitor.yaml | 27 ++++++++ .../templates/role-leader-election.yaml | 2 +- .../rolebinding-leader-election.yaml | 2 +- .../templates/service.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- charts/cluster-registry-client/values.yaml | 61 ++++++++++++------- 14 files changed, 99 insertions(+), 50 deletions(-) rename charts/cluster-registry-client/templates/{cluster-role.yaml => clusterrole.yaml} (100%) rename charts/cluster-registry-client/templates/{cluster-rolebinding.yaml => clusterrolebinding.yaml} (90%) create mode 100644 charts/cluster-registry-client/templates/poddisruptionbudget.yaml create mode 100644 charts/cluster-registry-client/templates/podmonitor.yaml diff --git a/charts/cluster-registry-client/Chart.yaml b/charts/cluster-registry-client/Chart.yaml index 55600af9..81b4aa03 100644 --- a/charts/cluster-registry-client/Chart.yaml +++ b/charts/cluster-registry-client/Chart.yaml @@ -15,5 +15,5 @@ maintainers: - name: radu-catalina email: caradu@adobe.com -version: 0.1.6 +version: 0.1.7 appVersion: v1.4.2 diff --git a/charts/cluster-registry-client/README.md b/charts/cluster-registry-client/README.md index dd0a5cec..e8116098 100644 --- a/charts/cluster-registry-client/README.md +++ b/charts/cluster-registry-client/README.md @@ -1,6 +1,6 @@ # cluster-registry-client -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.2](https://img.shields.io/badge/AppVersion-v1.4.2-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.2](https://img.shields.io/badge/AppVersion-v1.4.2-informational?style=flat-square) Cluster Registry is a Rest API representing the source of record for all Kubernetes clusters in the infrastructure fleet. All clusters are automatically registered, and the information is accurately reflected in the Cluster Registry using a client-server architecture. @@ -34,12 +34,15 @@ Cluster Registry is a Rest API representing the source of record for all Kuberne | livenessProbe.initialDelaySeconds | int | `15` | | | livenessProbe.periodSeconds | int | `20` | | | nameOverride | string | `"cluster-registry-client"` | | +| podDisruptionBudget.enabled | bool | `true` | | +| podDisruptionBudget.minAvailable | int | `1` | | +| podMonitor.enabled | bool | `false` | | +| podMonitor.extraLabels | object | `{}` | | | ports[0].containerPort | int | `9090` | | | ports[0].name | string | `"metrics"` | | | ports[1].containerPort | int | `9092` | | | ports[1].name | string | `"amwebhook"` | | | rbac.create | bool | `true` | | -| rbac.nameSuffix | string | `"cluster-client"` | | | readinessProbe.httpGet.path | string | `"/readyz"` | | | readinessProbe.httpGet.port | int | `9091` | | | readinessProbe.initialDelaySeconds | int | `5` | | @@ -54,4 +57,4 @@ Cluster Registry is a Rest API representing the source of record for all Kuberne | terminationGracePeriodSeconds | int | `10` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3) diff --git a/charts/cluster-registry-client/templates/_helpers.tpl b/charts/cluster-registry-client/templates/_helpers.tpl index 62cda4f5..858455b3 100644 --- a/charts/cluster-registry-client/templates/_helpers.tpl +++ b/charts/cluster-registry-client/templates/_helpers.tpl @@ -40,8 +40,7 @@ helm.sh/chart: {{ include "cluster-registry-client.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{ include "cluster-registry-client.appLabels" . }} -{{ include "cluster-registry-client.componentLabels" . }} +component: cluster-registry {{- end }} {{/* @@ -52,20 +51,6 @@ app.kubernetes.io/name: {{ include "cluster-registry-client.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* -Cluster Registry client application label -*/}} -{{- define "cluster-registry-client.appLabels" -}} -app: cluster-registry-client -{{- end }} - -{{/* -Cluster Registry component label -*/}} -{{- define "cluster-registry-client.componentLabels" -}} -component: cluster-registry -{{- end }} - {{/* Create the name of the service account to use */}} diff --git a/charts/cluster-registry-client/templates/cluster-role.yaml b/charts/cluster-registry-client/templates/clusterrole.yaml similarity index 100% rename from charts/cluster-registry-client/templates/cluster-role.yaml rename to charts/cluster-registry-client/templates/clusterrole.yaml diff --git a/charts/cluster-registry-client/templates/cluster-rolebinding.yaml b/charts/cluster-registry-client/templates/clusterrolebinding.yaml similarity index 90% rename from charts/cluster-registry-client/templates/cluster-rolebinding.yaml rename to charts/cluster-registry-client/templates/clusterrolebinding.yaml index 42fac0a4..70e6df1b 100644 --- a/charts/cluster-registry-client/templates/cluster-rolebinding.yaml +++ b/charts/cluster-registry-client/templates/clusterrolebinding.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: cluster-registry-client-rolebinding + name: cluster-registry-client labels: {{- include "cluster-registry-client.labels" . | nindent 4 }} roleRef: diff --git a/charts/cluster-registry-client/templates/configmap.yaml b/charts/cluster-registry-client/templates/configmap.yaml index 0aff2e5b..54f5345e 100644 --- a/charts/cluster-registry-client/templates/configmap.yaml +++ b/charts/cluster-registry-client/templates/configmap.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: client-config + namespace: {{ .Release.Namespace }} labels: {{- include "cluster-registry-client.labels" . | nindent 4 }} data: diff --git a/charts/cluster-registry-client/templates/deployment.yaml b/charts/cluster-registry-client/templates/deployment.yaml index bbc23b88..a0abe73d 100644 --- a/charts/cluster-registry-client/templates/deployment.yaml +++ b/charts/cluster-registry-client/templates/deployment.yaml @@ -8,11 +8,11 @@ spec: replicas: {{ .Values.replicaCount | required ".Values.replicaCount is required" }} selector: matchLabels: - app: cluster-registry-client + {{- include "cluster-registry-client.selectorLabels" . | nindent 6 }} template: metadata: labels: - {{- include "cluster-registry-client.appLabels" . | nindent 8 }} + {{- include "cluster-registry-client.selectorLabels" . | nindent 8 }} annotations: kubectl.kubernetes.io/default-container: manager spec: diff --git a/charts/cluster-registry-client/templates/poddisruptionbudget.yaml b/charts/cluster-registry-client/templates/poddisruptionbudget.yaml new file mode 100644 index 00000000..ce75506b --- /dev/null +++ b/charts/cluster-registry-client/templates/poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podDisruptionBudget.enabled }} +{{- if eq (.Values.replicaCount | int) (.Values.podDisruptionBudget.minAvailable| int) }} +{{- fail ".Values.replicaCount should be greater than .Values.podDisruptionBudget.minAvailable" }} +{{- else }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + {{- include "cluster-registry-client.labels" . | nindent 4 }} + name: {{ template "cluster-registry-client.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "cluster-registry-client.selectorLabels" . | nindent 6 }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- end }} diff --git a/charts/cluster-registry-client/templates/podmonitor.yaml b/charts/cluster-registry-client/templates/podmonitor.yaml new file mode 100644 index 00000000..c60ce25c --- /dev/null +++ b/charts/cluster-registry-client/templates/podmonitor.yaml @@ -0,0 +1,27 @@ +{{- if .Values.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + {{- include "cluster-registry-client.labels" . | nindent 4 }} + {{- if .Values.podMonitor.extraLabels }} + {{- toYaml .Values.podMonitor.extraLabels | nindent 4 }} + {{- end }} + name: cluster-registry-client + namespace: {{ .Release.Namespace }} +spec: + jobLabel: app + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + podMetricsEndpoints: + - interval: 60s + path: /metrics + port: metrics + - interval: 60s + path: /metrics/extra + port: metrics + selector: + matchLabels: + {{- include "cluster-registry-client.selectorLabels" . | nindent 6 }} + {{- end }} diff --git a/charts/cluster-registry-client/templates/role-leader-election.yaml b/charts/cluster-registry-client/templates/role-leader-election.yaml index bd3e80e0..3f565dd7 100644 --- a/charts/cluster-registry-client/templates/role-leader-election.yaml +++ b/charts/cluster-registry-client/templates/role-leader-election.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: cluster-registry-leader-election-role + name: cluster-registry-leader-election namespace: {{ .Release.Namespace }} labels: {{- include "cluster-registry-client.labels" . | nindent 4 }} diff --git a/charts/cluster-registry-client/templates/rolebinding-leader-election.yaml b/charts/cluster-registry-client/templates/rolebinding-leader-election.yaml index 4054d212..ac2637ee 100644 --- a/charts/cluster-registry-client/templates/rolebinding-leader-election.yaml +++ b/charts/cluster-registry-client/templates/rolebinding-leader-election.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: cluster-registry-leader-election-rolebinding + name: cluster-registry-leader-election namespace: {{ .Release.Namespace }} labels: {{- include "cluster-registry-client.labels" . | nindent 4 }} diff --git a/charts/cluster-registry-client/templates/service.yaml b/charts/cluster-registry-client/templates/service.yaml index b6069604..906709db 100644 --- a/charts/cluster-registry-client/templates/service.yaml +++ b/charts/cluster-registry-client/templates/service.yaml @@ -15,4 +15,4 @@ spec: {{ fail "No ports defined" }} {{- end }} selector: - {{- include "cluster-registry-client.appLabels" . | nindent 4 }} + {{- include "cluster-registry-client.selectorLabels" . | nindent 4 }} diff --git a/charts/cluster-registry-client/templates/serviceaccount.yaml b/charts/cluster-registry-client/templates/serviceaccount.yaml index 4abfd4e2..1868778c 100644 --- a/charts/cluster-registry-client/templates/serviceaccount.yaml +++ b/charts/cluster-registry-client/templates/serviceaccount.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: cluster-registry-client + name: {{ include "cluster-registry-client.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "cluster-registry-client.labels" . | nindent 4 }} diff --git a/charts/cluster-registry-client/values.yaml b/charts/cluster-registry-client/values.yaml index 20b606fa..92fe6700 100644 --- a/charts/cluster-registry-client/values.yaml +++ b/charts/cluster-registry-client/values.yaml @@ -1,38 +1,19 @@ nameOverride: cluster-registry-client fullnameOverride: cluster-registry-client + replicaCount: 2 -clusterRegistryClient: - alertmanagerWebhook: - bindAddress: 0.0.0.0:9092 - alertMap: [] - health: - healthProbeBindAddress: :9091 - metrics: - bindAddress: 0.0.0.0:9090 - webhook: - port: 9443 - leaderElection: - leaderElect: true - resourceNamespace: cluster-registry - resourceName: 0c4967d2.registry.ethos.adobe.com -rbac: - create: true - nameSuffix: cluster-client -serviceAccount: - # Specifies whether a service account should be created, else use: 'name: "default"'' - create: true - # The name of the service account to use. - # If set, override, else will use chart fullname template - name: cluster-registry-client + imagePullSecrets: [] image: pullPolicy: IfNotPresent registry: ghcr.io/adobe/cluster-registry-client + ports: - name: metrics containerPort: 9090 - name: amwebhook containerPort: 9092 + resources: limits: cpu: 200m @@ -40,6 +21,7 @@ resources: requests: cpu: 100m memory: 200Mi + livenessProbe: httpGet: path: /healthz @@ -53,3 +35,36 @@ readinessProbe: initialDelaySeconds: 5 periodSeconds: 10 terminationGracePeriodSeconds: 10 + +clusterRegistryClient: + alertmanagerWebhook: + bindAddress: 0.0.0.0:9092 + alertMap: [] + health: + healthProbeBindAddress: :9091 + metrics: + bindAddress: 0.0.0.0:9090 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceNamespace: cluster-registry + resourceName: 0c4967d2.registry.ethos.adobe.com + +rbac: + create: true + +serviceAccount: + # Specifies whether a service account should be created, else use: 'name: "default"'' + create: true + # The name of the service account to use. + # If set, override, else will use chart fullname template + name: cluster-registry-client + +podDisruptionBudget: + enabled: true + minAvailable: 1 + +podMonitor: + enabled: false + extraLabels: {} From 147b7cebb93981a1d46da6d1f0be177dd2c63419 Mon Sep 17 00:00:00 2001 From: Adrian Aneci Date: Mon, 30 Oct 2023 13:35:42 +0200 Subject: [PATCH 2/4] Check if percentage --- .../cluster-registry-client/templates/poddisruptionbudget.yaml | 3 ++- charts/cluster-registry-client/values.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/cluster-registry-client/templates/poddisruptionbudget.yaml b/charts/cluster-registry-client/templates/poddisruptionbudget.yaml index ce75506b..7831a0b5 100644 --- a/charts/cluster-registry-client/templates/poddisruptionbudget.yaml +++ b/charts/cluster-registry-client/templates/poddisruptionbudget.yaml @@ -1,5 +1,6 @@ {{- if .Values.podDisruptionBudget.enabled }} -{{- if eq (.Values.replicaCount | int) (.Values.podDisruptionBudget.minAvailable| int) }} +{{- $isPercentage := regexMatch "^[0-9]+%$" (.Values.podDisruptionBudget.minAvailable | quote) }} +{{- if and (not $isPercentage) (le (.Values.replicaCount | int) (.Values.podDisruptionBudget.minAvailable | int)) }} {{- fail ".Values.replicaCount should be greater than .Values.podDisruptionBudget.minAvailable" }} {{- else }} apiVersion: policy/v1 diff --git a/charts/cluster-registry-client/values.yaml b/charts/cluster-registry-client/values.yaml index 92fe6700..8d2c895c 100644 --- a/charts/cluster-registry-client/values.yaml +++ b/charts/cluster-registry-client/values.yaml @@ -63,7 +63,7 @@ serviceAccount: podDisruptionBudget: enabled: true - minAvailable: 1 + minAvailable: 50% podMonitor: enabled: false From 049c07560ff63028d509c45139c975a4abdaa467 Mon Sep 17 00:00:00 2001 From: Adrian Aneci Date: Mon, 30 Oct 2023 13:35:52 +0200 Subject: [PATCH 3/4] Check if percentage --- charts/cluster-registry-client/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cluster-registry-client/README.md b/charts/cluster-registry-client/README.md index e8116098..0571c91c 100644 --- a/charts/cluster-registry-client/README.md +++ b/charts/cluster-registry-client/README.md @@ -35,7 +35,7 @@ Cluster Registry is a Rest API representing the source of record for all Kuberne | livenessProbe.periodSeconds | int | `20` | | | nameOverride | string | `"cluster-registry-client"` | | | podDisruptionBudget.enabled | bool | `true` | | -| podDisruptionBudget.minAvailable | int | `1` | | +| podDisruptionBudget.minAvailable | string | `"50%"` | | | podMonitor.enabled | bool | `false` | | | podMonitor.extraLabels | object | `{}` | | | ports[0].containerPort | int | `9090` | | From 773ff9eb9d1eec6c9df0e5663e1778466dfc5e17 Mon Sep 17 00:00:00 2001 From: Adrian Aneci Date: Mon, 30 Oct 2023 15:32:30 +0200 Subject: [PATCH 4/4] Nit --- charts/cluster-registry-client/templates/podmonitor.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cluster-registry-client/templates/podmonitor.yaml b/charts/cluster-registry-client/templates/podmonitor.yaml index c60ce25c..48fe8345 100644 --- a/charts/cluster-registry-client/templates/podmonitor.yaml +++ b/charts/cluster-registry-client/templates/podmonitor.yaml @@ -24,4 +24,4 @@ spec: selector: matchLabels: {{- include "cluster-registry-client.selectorLabels" . | nindent 6 }} - {{- end }} +{{- end }}